b14af38c4230de20c7c4fefc1e3c5fffb1562bacedfebc56a508f55182a6fe88

Analysis

max time kernel
15s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 16:31

Target

leadiadequatepro.exe
Size

2.0MB
MD5

c65649e0712ef674ecfc447b17e9d62d
SHA1

c50a7e942c0517bfbd6dab00f2008b0f93664453
SHA256

b14af38c4230de20c7c4fefc1e3c5fffb1562bacedfebc56a508f55182a6fe88
SHA512

c624562c5df7e734c1fdb2c9c4267adb2c810ef4665ff4ad9924e49412e435d0e71209fce4ea5dd6b09a9efa7fe549435e7549286e1e8da4a6e798f927c3d5b3
SSDEEP

24576:bwZJshP4GuGwKCHyO1Fs43klhl+qdLVD5jAA+V4GuMWMDXB2IxLJ8Ch:kZJshQ+OH3u+qdpDWMMlxbNf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

leadiadequatepro.exe

description	pid	process	target process
PID 1344 wrote to memory of 2280	1344	leadiadequatepro.exe	WerFault.exe
PID 1344 wrote to memory of 2280	1344	leadiadequatepro.exe	WerFault.exe
PID 1344 wrote to memory of 2280	1344	leadiadequatepro.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\leadiadequatepro.exe
"C:\Users\Admin\AppData\Local\Temp\leadiadequatepro.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1344 -s 196
  2⤵
  PID:2280